HUAWEI EMUI/Magic UI security updates June 2021
HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:
This security update includes the CVE announced in the June 2021 Android security bulletin.
Critical:CVE-2021-0516,CVE-2021-0507
High:CVE-2020-11292,CVE-2021-0504,CVE-2021-0508,CVE-2021-0509,CVE-2021-0510,CVE-2021-0511,CVE-2021-0506,CVE-2021-0517,CVE-2021-0520,CVE-2021-0521,CVE-2021-0522,CVE-2021-0523,CVE-2021-0505
Medium:none
Low: none
Already included in previous updates:CVE-2020-0009,CVE-2018-11985,CVE-2020-0478,CVE-2020-0473,CVE-2020-27054,CVE-2020-27046,CVE-2020-0298,CVE-2020-0299,CVE-2021-0446,CVE-2021-0487,CVE-2021-1906,CVE-2021-1905,CVE-2021-28663,CVE-2021-28664,CVE-2021-0493,CVE-2021-0494,CVE-2021-0495,CVE-2021-0496,CVE-2021-0497,CVE-2021-0498,CVE-2021-0491,CVE-2021-0490,CVE-2021-0489,CVE-2021-0492,CVE-2019-9358,CVE-2020-0359,CVE-2020-27059
※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-22388: Out-of-bounds array access in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2020-24587: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-22445: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22444: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code injection.
CVE-2021-22443: Improper verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause random address access.
CVE-2021-22442: Improper verification of the integrity check result in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22438: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22433: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs
CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs
CVE-2021-22430: Logic bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code injection.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22429: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs
CVE-2021-22428: Race condition vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22427: Race condition vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22426: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs
CVE-2021-22415: DoS vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause kernel exceptions with the code.
CVE-2021-22414: Stack overflow vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22413: Out-of-bounds memory write vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22412: Out-of-bounds address access in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause random kernel address access.
CVE-2021-22392: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.
Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs
CVE-2021-22391: Stack overflow vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22390: UAF vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2021-22389: Kernel address rewrite vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2021-22446: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22387: Deserialization vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may allow attempts to remotely execute commands.
CVE-2021-22386: Race condition vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22385: NFC-based connection authentication vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22384: Race condition vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22381: Bluetooth protocol stack vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause an infinite loop in DoS.
CVE-2021-22380: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
Acknowledgment: Mathy Vanhoef, New York University Abu Dhabi
CVE-2021-22379: Integer overflow vulnerability in some HUAWEI phones
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause DoS of Samgr.
CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.
CVE-2021-22375: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.
CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22367: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause integer overflows.
CVE-2020-26558: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2020-26555: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2020-26147: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26146: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26145: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26144: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26143: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26142: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26141: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26140: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26139: Vulnerability of forwarding unverified packets in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-24588: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-22447: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22448: Improper verification vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause unauthorized read and write of some files.
CVE-2020-24586: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
- en